I've run across two update issues when updating a fresh install of 64-bit Windows 7 SP1. On x86 platform I haven't had such problems.

The first problem is with update KB4040973, which is asked to be installed over and over. That is, it doesn't get counted as installed. I ran the provided script ListInstalledUpdateIds.vbs and it confirmed that. Tried uninstalling and installing the update manually, but to no avail.

The other update KB2631813 is listed as superseded even though it's later asked to be installed. I ended up adding it as a custom static update and that solved the problem. So, should this update be considered superseded?

I think, that kb2631813 was superseded by the full quality update rollup for October 2016 or November 2016.

At one point, I could automatically download this update, using a complicated method to calculate superseded updates: it was meant to recover superseded updates, if the superseding update is omitted from download. Then the update kb2631813 for w61-x64 was actually downloaded.

But most of these calculations are not necessary anymore: In November 2016, the full quality update rollup superseded the security-only update rollup. This meant, that the security-only updates were not downloaded, even if the full quality update rollups were excluded from download.

This caused problems with WSUS Offline Update, and the "new method for calculating superseded updates" was meant to handle this. But it also caused problems with Microsoft's own tools, and then it was reverted the very next month, in December 2016:

More on Windows 7 and Windows 8.1 servicing changes

UPDATE: 12/5/2016: In November 2016, the Security Monthly Quality Rollups were released as superseding the Security Only Quality updates. This resulted in an impact to customers deploying the Security Only Quality updates, using tools that cannot easily deploy superseded updates, such as System Center Configuration Manager 2007. Based on customer feedback, this supersedence has been changed in December 2016. Please review the updates below if this impacts your deployment scenarios.(...)

UPDATED 12/5/2016: Starting in December 2016, monthly rollups will not supersede security only updates. The November 2016 monthly rollup will also be updated to not supersede security only updates. Installing the latest monthly rollup will ensure the PC is compliant for all security updates released in the new servicing model."

Now the problem rather is, that by default, both "quality" and "security-only" updates are downloaded. This is not a major problem, but maybe we could just save some space.

Remaining issues can be solved by adding the updates to the configuration files were necessary: I would suggest to add "windows6.1-kb2631813-x64" to the file wsusoffline/exclude/ExcludeList-superseded-exclude.txt or to the custom counterpart wsusoffline/exclude/custom/ExcludeList-superseded-exclude.txt .

The update kb4040973 is the September 2017 Security and Quality Rollup for .NET Frameworks. The reference can be found in all these files:

These updates are only necessary, if you installed one of the .NET Frameworks manually. The bundled or pre-installed .NET Framework for Windows 7 is updated with the regular Windows 7 updates.

The best check, which updates are actually missing, would be a test with the Microsoft Baseline Security Analyzer (MBSA). It uses the same WSUS catalog file wsusscn2.cab and can work completely offline, just like WSUS Offline Update.

These updates are only necessary, if you installed one of the .NET Frameworks manually. The bundled or pre-installed .NET Framework for Windows 7 is updated with the regular Windows 7 updates.

The best check, which updates are actually missing, would be a test with the Microsoft Baseline Security Analyzer (MBSA). It uses the same WSUS catalog file wsusscn2.cab and can work completely offline, just like WSUS Offline Update.

First off, thank you for your reply.

Yes, I install the .NET Framework 4.7 manually, but the update kb4040973* keeps installing indefinitely as I said before. That's the issue. Please, take a look at the log:

The problem is that the DisplayName value of the update kb4040973 is being written* to the Wow6432Node registry key and such a key cannot be accessed by the ListInstalledUpdateIds.vbs script. So I included a Wow6432Node key:

The problem is that the DisplayName value of the update kb4040973 is being written* to the Wow6432Node registry key and such a key cannot be accessed by the ListInstalledUpdateIds.vbs script. So I included a Wow6432Node key:

I have installed ndp46-kb4040973-x64_5da041181051d83e3aad0950ef4b5c7db58520f7.exemanually. It did say it was installed successful.I ran WSUS. It tried to install it again.I ran the VBS above. I didn't see any output. I ran WSUS. It tried to install it again.

I work for a department where security is of utmost concern; our systems are not connected to the Internet which is why we use (and love) the wsusoffline update process.

The updated .vbs file resolves our issue where KB4040973 keeps the update process in an endless update-and-reboot loop. When can we anticipate this updated script to be included with the packaged download? There is a *great* deal of red tape that we must go through to make any sort of modifications to what is deemed "COTS" so the inclusion of this new script would help us out tremendously!